Morganino
Jun 26, 2017 Tutor
Netgear R7000 and OpenVPN for Android App
Hi, since last OpenVPN for Android App update (v.0.6.73) downloadable at the following link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn OpenSSL version was upgraded to 1.1 and...
- Feb 28, 2018
Thanks everyone for feedback so far. Attached is version 1.0.1. I fixed some typos, added a suggestion to clean up your tftp folder when you're done, and made a note about the OpenVPN version that's most compatible with the document.
Some users looking to work through this doc may find that they can avoid Step 1 by visiting this hidden page:
If the debug page loads and there is an "Enable Telnet" option then you got lucky. Note that either the debug page or the option to "Enable Telnet" may not exist on your device or firmware version. Remember to check that this option is disabled after you're finished because having telnet enabled is a security risk.
96708
Dec 29, 2017 Apprentice
Good for you. I filed one as well. Keep the pressure on. I consider this a simple napalm flyover spayobver on them to light them on fire so to speak. The sum all fears nuclear option is still available and that would be initiating the help of cybersecurity firms. Only with broad exposure in the news -- and damage to the image of the brand along with lost sales -- will they really do anything IMO.
Diggie3
Dec 31, 2017 Luminary
After spending a day or so, I have managed to replace the VPN certificates and keys on the R7000 and verified it's working using OpenVPN Client app for Android. Also verified the old, replaced keys are dead.
I can try to post a tutorial but it will take some time and will be quite long just because of the number of tools involved. I also can only post a Windows guide but it should be possible from any platform.
Anyway: My point is it's possible, but it definitely isn't easy.
- Diggie3 Jan 01, 2018 Luminary
Also, if NG engineering is reading, I would say not only md5 signature but also size of the keys and DH param size are really not acceptable. Probably this has been optimized to minimize key generation time per unit, but I think this has to be improved.
- juched Jan 01, 2018 Apprentice
Please do post steps. I played with ASUS Merlin Vortex for my R7000 and liked it a lot. CPU usage very low and I can control the VPN certificate directly. Just wanted to use circle.
At this point I am planning to buy a real circle and get off the official Netgear firmware.
But, it would be good to know how to change it if I wanted to.
- ClarDold Jan 01, 2018 Apprentice
I won't enjoy some pointers.
I don't need detailed steps. I might not want lots of hacking.
I have done things like mounting iso images for modification and such, using Linux tools.
If you message me directly, we could chat about how difficult it seems. I have done formal documentation.
If there's no update from Netgear, I might look to DD-WRT.
- Diggie3 Jan 02, 2018 Luminary
I have asked one of the moderators if it's okay to make a new post with steps, since I don't know if such things are allowed. I hope I get a thumbs up, since this will help people solve the problem themselves at least in the short term. When I hear back I'll follow up.
BTW, I did manage to get SHA256 certs working, and surviving reboot and firmware changes, so that's good news. Also, larger key sizes and DH params work too.
- ClarDold Jan 02, 2018 Apprentice
ClarDold wrote:
I won't enjoy some pointers.
I _would_ enjoy just some pointers.
(I shouldn't post from my phone. I miss some of the helpful auto-corrects.)
- juched Jan 04, 2018 Apprentice
So, decided to use ASUS-Merlin by Vortex for my R7000. It has VPN, and guess what, when it generates certificates and keys it uses 1024-bit, SHA256 signed certificate, and negotiates with AES-128-GCM/AES-256-GCM/AES-128-CBC/AES-256-CBC keys by default, but I can generate my own and paste them in if I want as well.
Seems ASUS has it all together.
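
The thread names three properties of the router-generated VPN material: the certificate signature hash (MD5 versus SHA256), the key size and the DH parameter size. The following is an added example, not part of any post above and not NETGEAR or ASUS tooling, that checks those three in the text dump produced by `openssl x509 -noout -text` or `openssl dhparam -noout -text`. The function names, the 2048-bit default threshold and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MD5-signed certificates and short RSA/DH sizes.
# The 2048-bit default is an assumption, not a value taken from the thread.

# Reads "openssl ... -noout -text" output on stdin; returns non-zero on any WEAK line.
audit_openssl_text() {
    awk -v min="${1:-2048}" '
        /Signature Algorithm:/ && !sig_done {
            sig_done = 1                       # the field is printed twice per cert
            if (tolower($NF) ~ /md5/) { print "WEAK signature " $NF; bad = 1 }
            else print "ok signature " $NF
        }
        match($0, /(Public-Key|DH Parameters): \([0-9]+ bit\)/) {
            kind = ($0 ~ /DH Parameters/) ? "dh" : "key"
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^(]*\(/, "", s)             # keep "1024 bit)"
            bits = s + 0
            if (bits < min) { print "WEAK " kind " " bits; bad = 1 }
            else print "ok " kind " " bits
        }
        END { exit bad + 0 }'
}

# Dump a PEM file as text (certificate first, then DH parameters) and audit it.
audit_file() {
    { openssl x509 -in "$1" -noout -text 2>/dev/null ||
      openssl dhparam -in "$1" -noout -text; } | audit_openssl_text "${2:-2048}"
}

# Constructed samples (not taken from any real device).
sample_weak() {
    cat <<'EOF'
        Signature Algorithm: md5WithRSAEncryption
        Subject: CN = constructed-client
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
    DH Parameters: (1024 bit)
EOF
}
sample_ok() {
    cat <<'EOF'
        Signature Algorithm: sha256WithRSAEncryption
                Public-Key: (2048 bit)
    DH Parameters: (2048 bit)
EOF
}
```

Run `audit_file` once per PEM file exported from the router; a non-zero exit status means at least one WEAK line was printed.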